Controlling execution of software by combining secure boot and trusted boot features

ABSTRACT

Controlling execution of software is provided. In response to receiving an input to execute a software module on a data processing system, a set of measurements are performed on the software module performing a process to prepare the software module for execution on the data processing system. In response to determining that the set of measurements meets a predetermined criterion, an authorization to proceed with the process of preparing the software module for execution on the data processing system is requested from a trusted third party computer. In response to receiving the authorization to proceed with the process of preparing the software module for execution on the data processing system from the trusted third party computer, the software module is executed.

BACKGROUND 1. Field

The disclosure relates generally to software execution and morespecifically to controlling execution of a software module on a dataprocessing system by combining features of a secure boot process and atrusted boot process.

2. Description of the Related Art

Security is a widespread concern for computer users. Computer securityis a broad concept covering various types of unauthorized involvementwith computing systems. Viruses, worms, Trojan horses, and softwarealterations are rampant. Unauthorized modifications to computer softwaremay be performed for malicious purposes. Any software executed on acomputer may be under attack. From a security perspective, any softwareon a computer may be considered at risk, as flaws in the software mayallow malware to exploit the flaws to, for example, misappropriatepasswords or other sensitive information. Of concern is the ability tomonitor and verify the integrity of software resources, such as,operating systems and applications, on a computer.

SUMMARY

According to one illustrative embodiment, a computer-implemented methodfor controlling execution of software is provided. In response to a dataprocessing system receiving an input to execute a software module on thedata processing system, the data processing system performs a set ofmeasurements on the software module while performing a process toprepare the software module for execution on the data processing system.In response to the data processing system determining that the set ofmeasurements meets a predetermined criterion, the data processing systemrequests an authorization to proceed with the process of preparing thesoftware module for execution on the data processing system from atrusted third party computer. In response to the data processing systemreceiving the authorization to proceed with the process of preparing thesoftware module for execution on the data processing system from thetrusted third party computer, the data processing system executes thesoftware module. According to other illustrative embodiments, a dataprocessing system and computer program product for controlling executionof software are provided.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a pictorial representation of a network of data processingsystems in which illustrative embodiments may be implemented;

FIG. 2 is a diagram of a data processing system in which illustrativeembodiments may be implemented;

FIG. 3 is a diagram illustrating an example software module executionsystem in accordance with an illustrative embodiment;

FIGS. 4A-4B are a flowchart illustrating a process for controllingexecution of software in accordance with an illustrative embodiment; and

FIG. 5 is a flowchart illustrating a process for generating anauthorization response in accordance with an illustrative embodiment.

DETAILED DESCRIPTION

The present invention may be a system, a method, and/or a computerprogram product. The computer program product may include a computerreadable storage medium (or media) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Smalltalk, C++ or the like, andconventional procedural programming languages, such as the “C”programming language or similar programming languages. The computerreadable program instructions may execute entirely on the user'scomputer, partly on the user's computer, as a stand-alone softwarepackage, partly on the user's computer and partly on a remote computeror entirely on the remote computer or server. In the latter scenario,the remote computer may be connected to the user's computer through anytype of network, including a local area network (LAN) or a wide areanetwork (WAN), or the connection may be made to an external computer(for example, through the Internet using an Internet Service Provider).In some embodiments, electronic circuitry including, for example,programmable logic circuitry, field-programmable gate arrays (FPGA), orprogrammable logic arrays (PLA) may execute the computer readableprogram instructions by utilizing state information of the computerreadable program instructions to personalize the electronic circuitry,in order to perform aspects of the present invention.

Aspects of the present invention are described below with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer program instructions may be provided to a processor of ageneral purpose computer, special purpose computer, or otherprogrammable data processing apparatus to produce a machine, such thatthe instructions, which execute via the processor of the computer orother programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer program instructions may also bestored in a computer readable medium that can direct a computer, otherprogrammable data processing apparatus, or other devices to function ina particular manner, such that the instructions stored in the computerreadable medium produce an article of manufacture including instructionswhich implement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

With reference now to the figures, and in particular, with reference toFIGS. 1-3, diagrams of data processing environments are provided inwhich illustrative embodiments may be implemented. It should beappreciated that FIGS. 1-3 are only meant as examples and are notintended to assert or imply any limitation with regard to theenvironments in which different embodiments may be implemented. Manymodifications to the depicted environments may be made.

FIG. 1 depicts a pictorial representation of a network of dataprocessing systems in which illustrative embodiments may be implemented.Network data processing system 100 is a network of computers, dataprocessing systems, and other devices in which the illustrativeembodiments may be implemented. Network data processing system 100contains network 102, which is the medium used to provide communicationslinks between the computers, data processing systems, and other devicesconnected together within network data processing system 100. Network102 may include connections, such as, for example, wire communicationlinks, wireless communication links, and fiber optic cables.

In the depicted example, server 104 and server 106 connect to network102, along with storage 108. Server 104 and server 106 may be, forexample, server computers with high-speed connections to network 102 andmay each represent a set of one or more server computers, a rack ofserver computers, a data center, or a cloud environment. In addition,server 104 and server 106 may provide, for example, a set of one or moreservices for controlling execution of software on client data processingsystem devices. For example, server 104 or server 106 may analyzemeasurements of a software module at predefined critical points whileperforming a process to prepare the software module for execution on aclient data processing system device and analyze a context associatedwith preparing the software module for execution on the client dataprocessing system device. In addition, server 104 or server 106 maydirect the client data processing system device to either continue withthe process of preparing the software module for execution or terminatethe preparation process altogether based on the analysis of the softwaremodule measurements and context.

Client 110, client 112, and client 114 also connect to network 102.Clients 110, 112, and 114 are clients of server 104 or server 106.Server 104 and server 106 may provide information, such as boot files,operating system images, and software applications to clients 110, 112,and 114.

In this example, clients 110, 112, and 114 are shown as desktopcomputers that may include wire or wireless communication links tonetwork 102. However, it should be noted that clients 110, 112, and 114are intended as examples only. In other words, clients 110, 112, and 114also may include other devices, such as, for example, network computers,laptop computers, handheld computers, smart phones, smart watches,personal digital assistants, gaming devices, kiosks, set-top boxes, orany combination thereof.

Storage 108 is a network storage device capable of storing any type ofdata in a structured format or an unstructured format. In addition,storage 108 may represent a set of one or more network storage devices.Storage 108 may store, for example, names and identification datacorresponding to a plurality of different client device users and clientdevices, software module execution preparation managers, softwaremodules, and the like. In addition, storage 108 may store authenticationcredential data, such as user names, passwords, and biometric data,corresponding to the plurality of client device users and systemadministrators, for example.

In addition, it should be noted that network data processing system 100may include any number of additional server devices, client devices, andother devices not shown. Program code located in network data processingsystem 100 may be stored on a computer readable storage medium anddownloaded to a computer or other data processing device for use. Forexample, program code may be stored on a computer readable storagemedium on server 104 and downloaded to client 110 over network 102 foruse on client 110.

In the depicted example, network data processing system 100 may beimplemented as a number of different types of communication networks,such as, for example, an internet, an intranet, a local area network(LAN), and a wide area network (WAN). FIG. 1 is intended as an exampleand not as an architectural limitation for the different illustrativeembodiments. For example, network data processing system 100 may beimplemented in a cloud environment.

With reference now to FIG. 2, a diagram of a data processing system isdepicted in accordance with an illustrative embodiment. Data processingsystem 200 is an example of a computer or other type of data processingsystem, such as client 110 in FIG. 1, in which computer readable programcode or program instructions implementing processes of illustrativeembodiments may be located. In this illustrative example, dataprocessing system 200 includes communications fabric 202, which providescommunications between processor unit 204, memory 206, persistentstorage 208, trusted platform module 210, communications unit 212,input/output (I/O) unit 214, and display 216.

Processor unit 204 serves to execute instructions for softwareapplications and programs that may be loaded into memory 206. Processorunit 204 may be a set of one or more hardware processor devices or maybe a multi-processor core, depending on the particular implementation.Further, processor unit 204 may be implemented using one or moreheterogeneous processor systems, in which a main processor is presentwith secondary processors on a single chip. As another illustrativeexample, processor unit 204 may be a symmetric multi-processor systemcontaining multiple processors of the same type.

Memory 206 and persistent storage 208 are examples of storage devices218. A computer readable storage device is any piece of hardware that iscapable of storing information, such as, for example, withoutlimitation, data, computer readable program code in functional form,and/or other suitable information either on a transient basis and/or apersistent basis. Further, a computer readable storage device excludes apropagation medium. Memory 206, in these examples, may be, for example,a random access memory, or any other suitable volatile or non-volatilestorage device. Persistent storage 208 may take various forms, dependingon the particular implementation. For example, persistent storage 208may contain one or more devices. For example, persistent storage 208 maybe a hard drive, a flash memory, a rewritable optical disk, a rewritablemagnetic tape, or some combination of the above. The media used bypersistent storage 208 may be removable. For example, a removable harddrive may be used for persistent storage 208.

In this example, persistent storage 208 stores software module executionpreparation manager 220. Software module execution preparation manager220 controls a process for preparing software module 222 to execute indata processing system 200. Software module execution preparationmanager 220 may be, for example, a basic input output system (BIOS) orany other type of system or process capable of preparing software module222 for execution on data processing system 200. Software module 222 maybe, for example, an operating system, a software application, a softwareprogram, a script, or the like. In addition, software module executionpreparation manager 220 also performs a set of one or more measurementson software module 222 while preparing software module 222 forexecution. It should be noted that software module execution preparationmanager 220 does not perform all measurements of software module 222. Inother words, data processing system 200 may utilize other components toperform additional measurements on software module 222. In addition,software module 222 may represent one of a plurality of differentsoftware modules loaded on data processing system 200. Also, it shouldbe noted that even though software module execution preparation manager220 is illustrated as residing in persistent storage 208, in analternative illustrative embodiment software module executionpreparation manager 220 may be a separate component of data processingsystem 200. For example, software module execution preparation manager220 may be a hardware component coupled to communication fabric 202 or acombination of hardware and software components.

In addition to storing software module 222, persistent storage 208 alsostores software module measurement log 224. However, it should be notedthat alternative illustrative embodiments may store more or less data inpersistent storage 208 than illustrated. In this example, softwaremodule 222 includes predefined critical points 226 and context 228.Predefined critical points 226 represent a set of one or more locationswithin software module 222 where specified action steps or events occurwhile the process of preparing software module 222 for execution isbeing performed prior to execution of software module 222. For example,a predefined critical point may be where software module 222 wants toconnect to a network or access an encrypted storage during the executionpreparation process. However, it should be noted that predefinedcritical points 226 may depend on the type of data processing system,software module, or security model utilizing illustrative embodiments.

Software module execution preparation manager 220 also records context228. Context 228 is associated with the preparation of software module222 for execution. Context 228 represents the circumstances surroundingor associated with preparing software module 222 for execution. Forexample, context 228 may include, for example, a time of day, a risklevel corresponding to execution of software module 222, physicallocation of data processing system 200, an identity of a user operatingdata processing system 200, and the like.

Software module measurement log 224 represents a history of measurementsand events associated with the preparation of software module 222 forexecution. Software module execution preparation manager 220 stores themeasurements performed by software module execution preparation manager220 on software module 222 in software module measurement log 224.

Trusted platform module 210 is a specialized secure cryptographicprocessor chip that generates cryptographic keys for encrypting anddecrypting data within trusted platform module 210. Trusted platformmodule 210 includes a set of platform configuration registers that allowsecure storage of, for example, a hash, a digest, a summary, or acompression of software module measurement log 224. In addition, trustedplatform module 210 may include a set of repair instructions regardinghow to transition from a restricted execution of software module 222 toan unrestricted full execution of software module 222.

When software module execution preparation manager 220 reaches apredefined critical point in predefined critical points 226, softwaremodule execution preparation manager 220 directs trusted platform module210 to utilize a cryptographic key to generate digitally signed quote236 of the hash/digest/summary/compression of software modulemeasurement log 224 stored in the set of platform configurationregisters up to that predefined critical point. Then, software moduleexecution preparation manager 220 sends software module measurement log224 and digitally signed quote 236 to a trusted third party server foranalysis via a network, such as network 102 in FIG. 1. However, itshould be noted that alternative illustrative embodiments may utilize,for example, a point-to-point connection, peer-to-peer communication, adedicated link, or dedicated hardware for communication between dataprocessing system 200 and the trusted third party server. The trustedthird party server may be, for example, server 104 in FIG. 1.

Subsequently, the trusted third party server sends an authorizationresponse to data processing system 200. It should be noted that thetrusted third party server may digitally sign the authorizationresponse. The authorization response represents a message from thetrusted third party server indicating that the trusted third partyserver has verified the integrity of software module 222 based ondigitally signed quote 236 and software module measurement log 224 andcontext 228 prior to data processing system 200 executing softwaremodule 222. Software module execution preparation manager 220 analyzesthe authorization response to determine whether authorization responseincludes unrestricted full execution authorization or restrictedexecution authorization. If the trusted third party server verified theintegrity of software module 222, then the trusted third party serversends full execution authorization within the authorization response.Full execution authorization represents permission for data processingsystem 200 to proceed with the preparation of software module 222 forexecution and to execute software module 222 without any restrictions.If the trusted third party server cannot verify the integrity ofsoftware module 222, then the trusted third party server sends arestricted execution authorization within the authorization response.Restricted execution authorization may represent permission for dataprocessing system 200 to proceed with preparation of software module 222for execution, but to execute software module 222 with a limitedcapability. Limited capability may mean, for example, that dataprocessing system 200 allows software module 222 restricted or no accessto resources, such as networks or encrypted drives. Also, it should benoted that the authorization response may include an instruction fromthe trusted third party server to terminate the process of preparingsoftware module 222 for execution based on analyses of the softwaremodule measurement log 224 and context 228.

Further, trusted platform module 210 determines whether theauthorization response satisfies security policy 238. If theauthorization response does satisfy security policy 238, then trustedplatform module 210 releases secret cryptographic key 240. Secretcryptographic key 240 represents a key that is required for dataprocessing system 200 to proceed or continue with the process ofpreparing software module 222 for execution. Secret cryptographic key240 may be, for example, a transport layer security key for connectingto a network or a decryption key for decrypting an encrypted drive.

Communications unit 212, in this example, provides for communicationwith other computers, data processing systems, and devices via anetwork, such as network 102 in FIG. 1. Communications unit 212 mayprovide communications using both physical and wireless communicationslinks. The physical communications link may utilize, for example, awire, cable, universal serial bus, or any other physical technology toestablish a physical communications link for data processing system 200.The wireless communications link may utilize, for example, shortwave,high frequency, ultra high frequency, microwave, wireless fidelity(Wi-Fi), bluetooth technology, global system for mobile communications(GSM), code division multiple access (CDMA), second-generation (2G),third-generation (3G), fourth-generation (4G), 4G Long Term Evolution(LTE), LTE Advanced, or any other wireless communication technology orstandard to establish a wireless communications link for data processingsystem 200.

Input/output unit 214 allows for the input and output of data with otherdevices that may be connected to data processing system 200. Forexample, input/output unit 214 may provide a connection for user inputthrough a keypad, a keyboard, a mouse, and/or some other suitable inputdevice. Display 216 provides a mechanism to display information to auser and may include touch screen capabilities to allow the user to makeon-screen selections through user interfaces or input data, for example.

Instructions for the operating system, applications, and/or programs maybe located in storage devices 218, which are in communication withprocessor unit 204 through communications fabric 202. In thisillustrative example, the instructions are in a functional form onpersistent storage 208. These instructions may be loaded into memory 206for running by processor unit 204. The processes of the differentembodiments may be performed by processor unit 204 using computerimplemented program instructions, which may be located in a memory, suchas memory 206. These program instructions are referred to as programcode, computer usable program code, or computer readable program codethat may be read and run by a processor in processor unit 204. Theprogram code, in the different embodiments, may be embodied on differentphysical computer readable storage devices, such as memory 206 orpersistent storage 208.

Program code 242 is located in a functional form on computer readablemedia 244 that is selectively removable and may be loaded onto ortransferred to data processing system 200 for running by processor unit204. Program code 242 and computer readable media 244 form computerprogram product 246. In one example, computer readable media 244 may becomputer readable storage media 248 or computer readable signal media250. Computer readable storage media 248 may include, for example, anoptical or magnetic disc that is inserted or placed into a drive orother device that is part of persistent storage 208 for transfer onto astorage device, such as a hard drive, that is part of persistent storage208. Computer readable storage media 248 also may take the form of apersistent storage, such as a hard drive, a thumb drive, or a flashmemory that is connected to data processing system 200. In someinstances, computer readable storage media 248 may not be removable fromdata processing system 200.

Alternatively, program code 242 may be transferred to data processingsystem 200 using computer readable signal media 250. Computer readablesignal media 250 may be, for example, a propagated data signalcontaining program code 242. For example, computer readable signal media250 may be an electro-magnetic signal, an optical signal, and/or anyother suitable type of signal. These signals may be transmitted overcommunication links, such as wireless communication links, an opticalfiber cable, a coaxial cable, a wire, and/or any other suitable type ofcommunications link. In other words, the communications link and/or theconnection may be physical or wireless in the illustrative examples. Thecomputer readable media also may take the form of non-tangible media,such as communication links or wireless transmissions containing theprogram code.

In some illustrative embodiments, program code 242 may be downloadedover a network to persistent storage 208 from another device or dataprocessing system through computer readable signal media 250 for usewithin data processing system 200. For instance, program code stored ina computer readable storage media in a data processing system may bedownloaded over a network from the data processing system to dataprocessing system 200. The data processing system providing program code242 may be a server computer, a client computer, or some other devicecapable of storing and transmitting program code 242.

The different components illustrated for data processing system 200 arenot meant to provide architectural limitations to the manner in whichdifferent embodiments may be implemented. The different illustrativeembodiments may be implemented in a data processing system includingcomponents in addition to, or in place of, those illustrated for dataprocessing system 200. Other components shown in FIG. 2 can be variedfrom the illustrative examples shown. The different embodiments may beimplemented using any hardware device or system capable of executingprogram code. As one example, data processing system 200 may includeorganic components integrated with inorganic components and/or may becomprised entirely of organic components excluding a human being. Forexample, a storage device may be comprised of an organic semiconductor.

As another example, a computer readable storage device in dataprocessing system 200 is any hardware apparatus that may store data.Memory 206, persistent storage 208, and computer readable storage media248 are examples of physical storage devices in a tangible form.

In another example, a bus system may be used to implement communicationsfabric 202 and may be comprised of one or more buses, such as a systembus or an input/output bus. Of course, the bus system may be implementedusing any suitable type of architecture that provides for a transfer ofdata between different components or devices attached to the bus system.Additionally, a communications unit may include one or more devices usedto transmit and receive data, such as a modem or a network adapter.Further, a memory may be, for example, memory 206 or a cache such asfound in an interface and memory controller hub that may be present incommunications fabric 202.

Two means of software control currently exist: 1) secure boot; and 2)trusted boot. Secure boot depends upon software being digitally signedby an authorizer. Typically, the authorizer is the supplier ordistributor of the software. One drawback of secure boot is therequirement to digitally sign every software module before deployment.Secure boot also requires that the data processing system verify everysoftware module digital signature. The result of the verificationprocess is a go/no go decision by the data processing system. Anotherdrawback of secure boot is that, once signed, it cannot be revoked,since verification is local. Thus, once back level software or softwarewith a vulnerability is signed, for example, secure boot will not stopthe software from running.

Trusted boot measures each software module during boot on a dataprocessing system. A trusted platform module (TPM) of the dataprocessing system records the measurements of each software moduleduring boot. The trusted platform module may then report a state of thesoftware module to a trusted third party server via a network. Onedrawback of trusted boot is that even though the trusted third partyserver may detect an undesired software module based on themeasurements, it is detected after the fact. In other words, trustedboot does not prevent the undesired software module from running on thedata processing system.

Illustrative embodiments combine features of secure boot and trustedboot, but operate differently to avoid the drawbacks of secure boot andtrusted boot. For example, illustrative embodiments measure a softwaremodule while preparing the software module for execution as in the caseof trusted boot. However, unlike trusted boot, illustrative embodimentswill not allow a software module to execute on a data processing systemuntil illustrative embodiments receive from a trusted third party serverpermission to proceed or continue with the process of preparing thesoftware module for execution. In addition, unlike secure boot,illustrative embodiments do not require that software modules beindividually signed by an authorizer. Further, the authorization fromthe trusted third party server may be more than a simple proceed/notproceed with preparing a software module for execution. For example,illustrative embodiments may take into consideration a contextassociated with preparing a software module for execution, such as, forexample, time of day, risk level corresponding to execution of thesoftware module, physical location of the data processing system, anidentity of a user operating the data processing system platform, andthe like. Illustrative embodiments may determine the risk levelcorresponding to execution of the software module by utilizing, forexample, common vulnerabilities and exposures (CVE) identifiers, CommonVulnerability Scoring System (CVSS) scores, and/or Confidentiality,Integrity, and Availability (CIA) ratings. Furthermore, unlike trustedboot, illustrative embodiments prevent an unauthorized software modulefrom executing on a data processing system rather than just reportingthe presence of the unauthorized software module on the data processingsystem.

In one illustrative embodiment, the illustrative embodiment stores a setof one or more measurements of a software module while preparing thesoftware module for execution in a measurement log. When a predefinedcritical point in a set of one or more predefined critical points isreached while preparing the software module for execution, theillustrative embodiment reports the measurements in the measurement logto a trusted third party server using a signed quote of the measurementlog. The trusted third party server analyzes the measurement log anddigitally signs an authorization response directing the data processingsystem to proceed with the process of preparing the software module forexecution based on the measurement log analysis, which verified theintegrity of the software module. If the trusted third party servercannot verify the integrity of the software module based on themeasurement log analysis, then the trusted third party server willdirect the data processing system platform to terminate or abort theprocess of preparing the software module for execution altogether.

It should be noted that alternative illustrative embodiments may utilizea plurality of different predefined critical points in a software moduleand send a digitally signed quote of the measurement log for analysis bythe trusted third party server at each of these predefined criticalpoints. Moreover, as noted above, the analysis by the trusted thirdparty server may depend on various context or circumstances related tothe data processing system.

In another alternative illustrative embodiment, the authorizationresponse from the trusted third party server may direct the dataprocessing system to boot the software module in a different way, suchas, for example, in a limited capability mode with restrictions onaccess to networks, storage devices, or other peripherals. In yetanother alternative illustrative embodiment, the data processing systemmay utilize a security policy of a trusted platform module. For example,the trusted platform module of the data processing system may determinewhether the authorization response from the trusted third party serversatisfies the security policy. If the authorization response satisfiesthe security policy, then the trusted platform module releases a secretcryptographic key, which is required for the data processing system tocontinue with the process of preparing the software module forexecution. If the authorization response does not satisfy the securitypolicy, then the trusted platform module does not release the secretcryptographic key and the boot of the software module stops. The secretcryptographic key may be, for example, a transport layer security keyfor network access or a decryption key for decrypting an encryptedstorage disk.

With reference now to FIG. 3, a diagram of an example software moduleexecution system is depicted in accordance with an illustrativeembodiment. Software module execution system 300 may be implemented in,for example, a network of data processing systems, such as network dataprocessing system 100 in FIG. 1. Software module execution system 300 isa collection of hardware and software components for controllingexecution of a software module on a client data processing system deviceby combining features of secure boot and trusted boot.

In this example, software module execution system 300 includes servercomputer 302 and client device 304. Server computer 302 may be, forexample, server 104 in FIG. 1, which is a trusted third party server.Client device 304 may be, for example, client 110 in FIG. 1 or dataprocessing system 200 in FIG. 2. However, it should be noted thatsoftware module execution system 300 may include any number of servercomputers and client data processing system devices.

In this example, client device 304 includes software module 306 andtrusted platform module 308, such as software module 222 and trustedplatform module 210 in FIG. 2. In response to receiving an input toexecute software module 306, client device 304 starts preparing softwaremodule 306 for execution. Software module 306 may be, for example, anoperating system, application, program, or the like. In this example,software module 306 includes predefined critical points 310 and context312, such as predefined critical points 226 and context 228 in FIG. 2.

While performing a process to prepare software module 306 for execution,client device 304 performs measurements on software module 306. Clientdevice 304 may utilize, for example, a software module executionpreparation manager, such as software module execution preparationmanager 220 in FIG. 2, to perform one or more of the measurements onsoftware module 306. Client device 304 stores the measurements ofsoftware module 306 in software module measurement log 314, such assoftware module measurement log 224 in FIG. 2. In addition, clientdevice 304 records context 312, which is the circumstances, such as timeof day and location of client device 304, associated with the process ofpreparing software module 306 for execution. Client device 304 also maystore context 312, along with the software module measurements, withinsoftware module measurement log 314.

When client device 304 reaches a predefined critical point in predefinedcritical points 310, client device 304 directs trusted platform module308 to generate digitally signed quote 316 of ahash/digest/summary/compression of software module measurement log 314stored in a set of platform configuration registers of trusted platformmodule 308. Client device 304 sends software module measurement log 314and digitally signed quote 316 to server computer 302 withinauthorization request 318.

Server computer 302 utilizes software module measurement and contextanalyzer 320 to analyze the information contained in authorizationrequest 318 to verify the integrity of software module 306 prior toexecution of software module 306 by client device 304. After analyzingthe information contained in authorization request 318, server computer302 sends digitally signed authorization response 322 to client computer304. Client device 304 analyzes digitally signed authorization response322 using trusted platform module 308, for example. Trusted platformmodule 308 determines whether digitally signed authorization response322 satisfies security policy 324, such as security policy 238 in FIG.2. If trusted platform module 308 determines that digitally signedauthorization response 322 satisfies security policy 324, then trustedplatform module 308 releases secret cryptographic key 326, such assecret cryptographic key 240 in FIG. 2, which is required for clientdevice 304 to continue with the process of preparing software module 306for execution. Thus, server computer 302 provides authorization orpermission for client device 302 to continue with preparing softwaremodule 306 for execution.

With reference now to FIGS. 4A-4B, a flowchart illustrating a processfor controlling execution of software is shown in accordance with anillustrative embodiment. The process shown in FIGS. 4A-4B may beimplemented in a data processing system, such as, for example, dataprocessing system 200 in FIG. 2 and client device 304 in FIG. 3.

The process begins when the data processing system receives an input toexecute a software module of the data processing system (step 402). Thesoftware module may be, for example, software module 306 in FIG. 3 andmay be an operating system or a software application. After receivingthe input to execute the software module in step 402, the dataprocessing system starts a process of preparing the software module forexecution on the data processing system (step 404). The process ofpreparing the software module for execution may be, for example,starting an initial boot of an operating system at startup of the dataprocessing system or may be starting an application on the dataprocessing system after the data processing system is operational.

Subsequent, to starting the process of preparing the software module forexecution in step 404, the data processing system performs a set of oneor more measurements on the software module while preparing the softwaremodule for execution (step 406). In addition, the data processing systemrecords the set of one or more measurements on the software module in ameasurement log (step 408). The measurement log may be, for example,software module measurement log 314 of FIG. 3.

Further, the data processing system records a context associated withpreparing the software module for execution (step 410). The context maybe, for example, context 312 in FIG. 3. Moreover, the data processingsystem reaches a predefined critical point in a set of one or moredefined critical points while preparing the software module forexecution (step 412). The predefined critical point may be, for example,a predefined critical point in predefined critical points 310 in FIG. 3.

After reaching the predefined critical point in step 412, the dataprocessing system sends an authorization request to proceed with theprocess of preparing the software module for execution to a trustedthird party server (step 414). The authorization request may be, forexample, authorization request 318 in FIG. 3. The authorization requestmay include, for example, the measurement log corresponding to thesoftware module, a digitally signed quote of the measurement log, andthe context associated with preparing the software module for execution.The trusted third party server may be, for example, server computer 302in FIG. 3.

Subsequently, the data processing system receives an authorizationresponse from the trusted third party server (step 416). Theauthorization response may be, for example, digitally signedauthorization response 322 in FIG. 3. The authorization response mayinclude, for example, a full execution of the software moduleauthorization or a restricted execution of the software moduleauthorization. In addition, the authorization response may include otherinformation, such as an explanation for the restricted executionauthorization or an explanation for terminating the process of preparingthe software module for execution. The explanation may indicate that thetrusted third party server could not verify the integrity of thesoftware module.

After receiving the authorization response from the trusted third partyserver in step 416, the data processing system applies the authorizationresponse to a trusted platform module of the data processing system(step 418). The trusted platform module may be, for example, trustedplatform module 308 in FIG. 3. Subsequent to applying the authorizationresponse to the trusted platform module in step 418, the data processingsystem makes a determination as to whether the trusted platform modulereleased a secret key corresponding to a security policy of the trustedplatform module (step 420). The secret key corresponding to the securitypolicy may be, for example, secret cryptographic key 326 correspondingto security policy 324 in FIG. 3.

If the data processing system determines that the trusted platformmodule did not release the secret key, no output of step 420, then thedata processing system stops the process of preparing the softwaremodule for execution (step 422). In addition, the data processing systemdisplays a message regarding stopping the process of preparing thesoftware module for execution (step 424). The data processing system maydisplay the message in a display device of the data processing system,such as, display 216 in FIG. 2. Thereafter, the process terminates.

Returning again to step 420, if the data processing system determinesthat the trusted platform module did release the secret key, yes outputof step 420, then the data processing system continues the process ofpreparing the software module for execution using the secret key (step426).

Further, the data processing system makes a determination as to whetheranother predefined critical point exists in the set of one or morepredefined critical points in the software module (step 428). If thedata processing system determines that another predefined critical pointdoes exist in the set of one or more predefined critical points, yesoutput of step 428, then the process returns to step 412 where the dataprocessing system goes on to reach the next predefined critical point inthe set of predefined critical points in the software module. If thedata processing system determines that another predefined critical pointdoes not exist in the set of one or more predefined critical points inthe software module, no output of step 428, then the data processingsystem finishes the process of preparing the software module forexecution on the data processing system (step 430).

The data processing system also makes a determination as to whether theauthorization response contains restrictions on execution of thesoftware module (step 432). If the data processing determines that theauthorization response does not contain restrictions on execution of thesoftware module, no output of step 432, then the data processing systemexecutes the software module without any restrictions (step 434) and theprocess terminates thereafter. If the data processing determines thatthe authorization response does contain restrictions on execution of thesoftware module, yes output of step 432, then the data processing systemexecutes the software module under the restrictions contained in theauthorization response (step 436) and the process terminates thereafter.

With reference now to FIG. 5, a flowchart illustrating a process forgenerating an authorization response is shown in accordance with anillustrative embodiment. The process shown in FIG. 5 may be implementedin a server computer, such as, for example, server 104 in FIG. 1 orserver computer 302 in FIG. 3.

The process begins when the computer receives an authorization requestfrom a client data processing system to proceed with a process ofpreparing a software module for execution on the client data processingsystem (step 502). The authorization request from the client dataprocessing system may be, for example, authorization request 318 fromclient device 304 in FIG. 3. The software module may be, for example,software module 306 in FIG. 3.

After receiving the authorization request from the client dataprocessing system in step 502, the computer analyzes a set of one ormore measurements of the software module contained in the authorizationrequest (step 504). In addition, the computer analyzes a contextassociated with the software module contained in the authorizationrequest (step 506). Subsequently, the computer generates anauthorization response based on analysis of the set of one or moremeasurements of the software module and the context associated with thesoftware module (step 508).

Further, the computer digitally signs the authorization response (step510). Furthermore, the computer sends the digitally signed authorizationresponse to the client data processing system (step 512). The digitallysigned authorization response may be, for example, digitally signedauthorization response 322 in FIG. 3. Thereafter, the process returns tostep 502 where the computer waits to receive another authorizationrequest from a client.

Thus, illustrative embodiments of the present invention provide acomputer-implemented method, data processing system, and computerprogram product for controlling execution of a software module on aclient data processing system platform by a trusted third party servercombining features of secure boot and trusted boot. The descriptions ofthe various embodiments of the present invention have been presented forpurposes of illustration, but are not intended to be exhaustive orlimited to the embodiments disclosed. Many modifications and variationswill be apparent to those of ordinary skill in the art without departingfrom the scope and spirit of the described embodiment. The terminologyused herein was chosen to best explain the principles of the embodiment,the practical application or technical improvement over technologiesfound in the marketplace, or to enable others of ordinary skill in theart to understand the embodiments disclosed here.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

What is claimed is:
 1. A computer-implemented method for controllingexecution of software, the computer-implemented method comprising:responsive to a data processing system receiving an input to execute asoftware module on the data processing system, performing, by the dataprocessing system, a set of measurements on the software module whileperforming a process to prepare the software module for execution on thedata processing system; responsive to the data processing systemdetermining that the set of measurements meets a predeterminedcriterion, requesting, by the data processing system, an authorizationto proceed with the process of preparing the software module forexecution on the data processing system from a trusted third partycomputer; responsive to the data processing system receiving theauthorization to proceed with the process of preparing the softwaremodule for execution on the data processing system from the trustedthird party computer, executing, by the data processing system, thesoftware module; responsive to the data processing system receiving theauthorization to proceed with the process of preparing the softwaremodule for execution on the data processing system from the trustedthird party computer, determining, by the data processing system,whether the authorization satisfies a security policy; and responsive tothe data processing determining that the authorization satisfies thesecurity policy, releasing, by the data processing system, a secret key.2. The computer-implemented method of claim 1 further comprising:sending, by the data processing system, a request for the authorizationto the trusted third party computer, wherein the request for theauthorization includes a digitally signed version of a measurement logassociated with the software module.
 3. The computer-implemented methodof claim 1, wherein the predetermined criterion is a defined point inthe process of preparing the software module for execution.
 4. Thecomputer-implemented method of claim 1, wherein the secret key isreleased from a trusted platform module of the data processing system.5. The computer-implemented method of claim 1, wherein the secret key isrequired by the data processing system to continue with the process ofpreparing the software module for execution on the data processingsystem.
 6. The computer-implemented method of claim 1, wherein the dataprocessing system sends the set of measurements to the trusted thirdparty computer in response to a set of criteria being met, and whereineach different criteria of the set of criteria corresponds to adifferent defined point in a set of defined points in the softwaremodule.
 7. The computer-implemented method of claim 1, wherein the dataprocessing system performs the set of measurements on the softwaremodule during a trusted boot process of the software module on startupof the data processing system, and wherein the software module is anoperating system of the data processing system.
 8. Thecomputer-implemented method of claim 1, wherein the process of preparingthe software module for execution is starting the software module on thedata processing system after the data processing system is operational,and wherein the software module is one application in a plurality ofdifferent applications installed on the data processing system.
 9. Adata processing system for controlling execution of software, the dataprocessing system comprising: a bus system; a storage device connectedto the bus system, wherein the storage device stores programinstructions; and a processor connected to the bus system, wherein theprocessor executes the program instructions to: perform a set ofmeasurements on a software module while performing a process to preparethe software module for execution on the data processing system inresponse to the data processing system receiving an input to execute thesoftware module on the data processing system; request an authorizationto proceed with the process of preparing the software module forexecution on the data processing system from a trusted third partycomputer in response to determining that the set of measurements meets apredetermined criterion; execute the software module in response to thedata processing system receiving the authorization to proceed with theprocess of preparing the software module for execution on the dataprocessing system from the trusted third party computer; determinewhether the authorization satisfies a security policy in response to thedata processing system receiving the authorization to proceed with theprocess of preparing the software module for execution on the dataprocessing system from the trusted third party computer; and release asecret key in response to the data processing determining that theauthorization satisfies the security policy.
 10. The data processingsystem of claim 9, wherein the processor further executes the programinstructions to: send a request for the authorization to the trustedthird party computer, wherein the request for the authorization includesa digitally signed version of a measurement log associated with thesoftware module.
 11. The data processing system of claim 9, wherein thepredetermined criterion is a defined point in the process of preparingthe software module for execution.
 12. A computer program product forcontrolling execution of software, the computer program productcomprising a computer readable storage medium having programinstructions embodied therewith, the program instructions executable bya data processing system to cause the data processing system to performa method comprising: responsive to the data processing system receivingan input to execute a software module on the data processing system,performing, by the data processing system, a set of measurements on thesoftware module while performing a process to prepare the softwaremodule for execution on the data processing system; responsive to thedata processing system determining that the set of measurements meets apredetermined criterion, requesting, by the data processing system, anauthorization to proceed with the process of preparing the softwaremodule for execution on the data processing system from a trusted thirdparty computer; responsive to the data processing system receiving theauthorization to proceed with the process of preparing the softwaremodule for execution on the data processing system from the trustedthird party computer, executing, by the data processing system, thesoftware module; responsive to the data processing system receiving theauthorization to proceed with the process of preparing the softwaremodule for execution on the data processing system from the trustedthird party computer, determining, by the data processing system,whether the authorization satisfies a security policy; and responsive tothe data processing determining that the authorization satisfies thesecurity policy, releasing, by the data processing system, a secret key.13. The computer program product of claim 12 further comprising:sending, by the data processing system, a request for the authorizationto the trusted third party computer, wherein the request for theauthorization includes a digitally signed version of a measurement logassociated with the software module.
 14. The computer program product ofclaim 12, wherein the predetermined criterion is a defined point in theprocess of preparing the software module for execution.
 15. The computerprogram product of claim 12, wherein the secret key is released from atrusted platform module of the data processing system.
 16. The computerprogram product of claim 12, wherein the secret key is required by thedata processing system to continue with the process of preparing thesoftware module for execution.